Information security management system jobs

5+ Information security management system Jobs in India


WiseTech Global
Posted by Ria Chatterjee
Bengaluru (Bangalore)
7 - 12 yrs
₹30L - ₹45L / yr
GRC
Compliance
Risk management framework
GDPR
Information security management system

About WiseTech Global:


WiseTech Global is a leading force in empowering and revolutionizing the world's supply chains. Our innovative technologies play a pivotal role in safeguarding the data and ensuring the security of thousands of users globally, including the world's largest freight forwarders. We are dedicated to delivering efficiency, transparency, and confidence through our Governance, Risk, and Compliance (GRC) framework.


The Opportunity:


We are seeking an experienced Senior Governance, Risk, and Compliance (GRC) Analyst with expertise in managing acquisitions, integrating them seamlessly into our company's way of working as well as responding to our customers' security questionnaires.

The ideal candidate should have 7+ years of direct work experience and a proven track record of successfully navigating the challenges associated with assimilating newly acquired entities into existing business operations.

The role requires a keen understanding of regulatory compliance, risk management, and a strategic mindset to ensure smooth and efficient integration processes. The GRC Analyst will play a critical role in enhancing our overall GRC posture and maintaining regulatory compliance for WiseTech Global.

Given the close collaboration with technical security teams, the ideal candidate will bring a solid background in technical cybersecurity (e.g. experience as a Security Analyst, SecOps Analyst, Incident Response Analyst or similar), alongside recent and relevant experience in governance, risk, and compliance (GRC).


Key Responsibilities:



· Acquisition Assessment: Collaborate with cross-functional teams to assess the GRC landscape of newly acquired companies, identifying gaps and alignment opportunities.

· Integration Planning: Develop comprehensive integration plans tailored to each acquisition, ensuring alignment with the company's overarching GRC strategy.

· Risk Management: Evaluate and mitigate risks associated with integration processes, working closely with risk management teams.

· Policy and Procedure Harmonization: Bridge gaps between existing practices and those of acquired entities, harmonizing policies, procedures, and controls.

· Communication and Stakeholder Management: Effectively communicate integration plans and progress, fostering strong relationships with key stakeholders.

· Reporting and Documentation: Maintain accurate documentation of integration activities and generate insightful reports for senior management.

· Continuous Improvement: Identify areas for improvement and drive enhancements to the integration process.

· Customer Security Questionnaire Support: Collaborate with various teams to ensure accurate and comprehensive responses to customer security questionnaires.

· Strong foundation in core IT or Cybersecurity principles, ideally supported by hands-on experience in areas such as networking, system administration, or security operations.


Qualifications and Desired Experience:


· 7+ years of hands-on experience in GRC, preferably with a focus on acquisition integration.

· Strong knowledge of regulatory compliance requirements, risk management frameworks, including ISO 27001, NIST.

· Experience with SOC1/2, GDPR, and privacy frameworks.

· Proficiency in information security tools, techniques, and controls.

· Experience with metrics and KPIs to measure and track information security risk.

· Ability to develop policies, standards, and guidelines.

· ISO 27001:2022 Lead Implementer and Lead Auditor certifications are desirable.

· CISA, CISM, CISSP, or CRISC certifications are desirable.

· Experience with GRC tools, such as Vanta, Archer, ServiceNow Risk modules is highly desirable.

· Exposure to CMMC/FedRAMP is highly desirable.

Candidate Characteristics:

· Exceptional communication and interpersonal skills.

· Analytical mindset with the ability to identify, assess, and mitigate risks.

· Good project management skills with ISMS and control implementation experience.

· Knowledge of GRC software tools and technology.

· Attention to detail and commitment to high-quality deliverables that meet business and compliance objectives.


Why Join WiseTech Global:


At WiseTech Global, we don't just offer a job; we provide an opportunity to excel. We believe in hiring the best talent who can drive themselves and our business to greater heights. Join us in our mission to transform global trade, one innovation at a time.

Join WiseTech Global and be a part of a dynamic and innovative team dedicated to transforming global trade.


Before You Apply:


From time to time, WiseTech Global may use an external service provider to assess applications on our behalf. Accordingly, by applying for this role and providing your personal information to WiseTech Global, you consent to WiseTech Global providing this information to our external service providers who are required to treat such information with strict confidentiality in line with privacy and data protection laws and regulations.

E-Commerce Industry

Agency job
via Peak Hire Solutions by Dhara Thakkar
Bengaluru (Bangalore)
6 - 10 yrs
₹30L - ₹50L / yr
Security Information and Event Management (SIEM)
Information security governance
ISO/IEC 27001:2005
Systems Development Life Cycle (SDLC)
Software Development
+67 more

SENIOR INFORMATION SECURITY ENGINEER (DEVSECOPS)

Key Skills: Software Development Life Cycle (SDLC), CI/CD

About Company: Consumer Internet / E-Commerce

Company Size: Mid-Sized

Experience Required: 6 - 10 years

Working Days: 5 days/week

Office Location: Bengaluru [Karnataka]


Review Criteria:

Mandatory:

  • Strong DevSecOps profile
  • Must have 5+ years of hands-on experience in Information Security, with a primary focus on cloud security across AWS, Azure, and GCP environments.
  • Must have strong practical experience working with Cloud Security Posture Management (CSPM) tools such as Prisma Cloud, Wiz, or Orca along with SIEM / IDS / IPS platforms
  • Must have proven experience in securing Kubernetes and containerized environments including image security, runtime protection, RBAC, and network policies.
  • Must have hands-on experience integrating security within CI/CD pipelines using tools such as Snyk, GitHub Advanced Security, or equivalent security scanning solutions.
  • Must have solid understanding of core security domains including network security, encryption, identity and access management, key management, and security governance, including cloud-native security services like GuardDuty, Azure Security Center, etc.
  • Must have practical experience with Application Security Testing tools including SAST, DAST, and SCA in real production environments
  • Must have hands-on experience with security monitoring, incident response, alert investigation, root-cause analysis (RCA), and managing VAPT / penetration testing activities
  • Must have experience securing infrastructure-as-code and cloud deployments using Terraform, CloudFormation, ARM, Docker, and Kubernetes
  • B2B SaaS Product companies
  • Must have working knowledge of globally recognized security frameworks and standards such as ISO 27001, NIST, and CIS with exposure to SOC2, GDPR, or HIPAA compliance environments


Preferred:

  • Experience with DevSecOps automation, security-as-code, and policy-as-code implementations
  • Exposure to threat intelligence platforms, cloud security monitoring, and proactive threat detection methodologies, including EDR / DLP or vulnerability management tools
  • Must demonstrate strong ownership mindset, proactive security-first thinking, and ability to communicate risks in clear business language


Roles & Responsibilities:

We are looking for a Senior Information Security Engineer who can help protect our cloud infrastructure, applications, and data while enabling teams to move fast and build securely.


This role sits deep within our engineering ecosystem. You’ll embed security into how we design, build, deploy, and operate systems—working closely with Cloud, Platform, and Application Engineering teams. You’ll balance proactive security design with hands-on incident response, and help shape a strong, security-first culture across the organization.


If you enjoy solving real-world security problems, working close to systems and code, and influencing how teams build securely at scale, this role is for you.


What You’ll Do:

Cloud & Infrastructure Security:

  • Design, implement, and operate cloud-native security controls across AWS, Azure, GCP, and Oracle.
  • Strengthen IAM, network security, and cloud posture using services like GuardDuty, Azure Security Center and others.
  • Partner with platform teams to secure VPCs, security groups, and cloud access patterns.


Application & DevSecOps Security:

  • Embed security into the SDLC through threat modeling, secure code reviews, and security-by-design practices.
  • Integrate SAST, DAST, and SCA tools into CI/CD pipelines.
  • Secure infrastructure-as-code and containerized workloads using Terraform, CloudFormation, ARM, Docker, and Kubernetes.


Security Monitoring & Incident Response:

  • Monitor security alerts and investigate potential threats across cloud and application layers.
  • Lead or support incident response efforts, root-cause analysis, and corrective actions.
  • Plan and execute VAPT and penetration testing engagements (internal and external), track remediation, and validate fixes.
  • Conduct red teaming activities and tabletop exercises to test detection, response readiness, and cross-team coordination.
  • Continuously improve detection, response, and testing maturity.


Security Tools & Platforms:

  • Manage and optimize security tooling including firewalls, SIEM, EDR, DLP, IDS/IPS, CSPM, and vulnerability management platforms.
  • Ensure tools are well-integrated, actionable, and aligned with operational needs.


Compliance, Governance & Awareness:

  • Support compliance with industry standards and frameworks such as SOC2, HIPAA, ISO 27001, NIST, CIS, and GDPR.
  • Promote secure engineering practices through training, documentation, and ongoing awareness programs.
  • Act as a trusted security advisor to engineering and product teams.


Continuous Improvement:

  • Stay ahead of emerging threats, cloud vulnerabilities, and evolving security best practices.
  • Continuously raise the bar on the company's security posture through automation and process improvement.


Endpoint Security (Secondary Scope):

  • Provide guidance on endpoint security tooling such as SentinelOne and Microsoft Defender when required.


Ideal Candidate:

  • Strong hands-on experience in cloud security across AWS and Azure.
  • Practical exposure to CSPM tools (e.g., Prisma Cloud, Wiz, Orca) and SIEM / IDS / IPS platforms.
  • Experience securing containerized and Kubernetes-based environments.
  • Familiarity with CI/CD security integrations (e.g., Snyk, GitHub Advanced Security, or similar).
  • Solid understanding of network security, encryption, identity, and access management.
  • Experience with application security testing tools (SAST, DAST, SCA).
  • Working knowledge of security frameworks and standards such as ISO 27001, NIST, and CIS.
  • Strong analytical, troubleshooting, and problem-solving skills.


Nice to Have:

  • Experience with DevSecOps automation and security-as-code practices.
  • Exposure to threat intelligence and cloud security monitoring solutions.
  • Familiarity with incident response frameworks and forensic analysis.
  • Security certifications such as CISSP, CISM, CCSP, or CompTIA Security+.


Perks, Benefits and Work Culture:

A wholesome opportunity in a fast-paced environment that will enable you to juggle between concepts, yet maintain the quality of content, interact and share your ideas and have loads of learning while at work. Work with a team of highly talented young professionals and enjoy the comprehensive benefits that the company offers.

Marketwick
Gurugram
7 - 10 yrs
₹10L - ₹30L / yr
Information security management system
IT security
ISO/IEC 27000-series
ISO 9000
Internal audit
+3 more

Job description:

Company: Glan Management Consultancy

Location: Gurgaon

Experience: 7-15 years

Salary:

Employment Type:

Job Description:

Job Title: Manager Information Security – IT

Job Purpose: Acting in a key technical management & execution capacity to provide a conduit between IT teams and key business stakeholders in your functional area of IT Security to ensure information technology needs are managed consistently, following professional IT and global standards, and delivered with a high level of quality and customer satisfaction.

Reward level: Middle Management

Job Location: Gurgaon

Experience: 10+ years

Relevant Experience: 7+ years

Reporting to: General Manager

Qualification: Bachelor's degree in IT

Key Deliverables:

  • Provide support as Lead auditor towards ISMS and PIMS policies, procedures, and guidelines and perform regular review and update.
  • Perform deep assessment to gather evidence of continuous compliance with ISO 27001:2022 and ISO 27701:2019, DPDPA, IT Act and CERT-In Regulation, including audit logs, records of reviews, timely closure of open audit and risks, and sharing the report with management.
  • Conduct regular, documented information security and privacy risk assessments identifying assets, threats, vulnerabilities, likelihood, and impact with stakeholders.
  • Prioritize identified vulnerabilities, detailed findings, remediation recommendations, trending reports on vulnerability posture towards closure with stakeholders.
  • Development and implementation of a comprehensive, ongoing security awareness and training program for all employees.
  • Encourage secure behaviours among colleagues and reinforce the importance of information security and privacy in daily operations.
  • Prepare regular report on overall information security posture, GRC maturity, and risk landscape to relevant stakeholders
  • Ability to collect lessons learned from incidents, audits, and assessments to drive continuous improvement in ISMS/PIMS and security processes.

Key Relationships:

  • Internal IT and business customers.
  • Global IT Vendor, market and global (HQ) colleagues, Local vendor partners
  • Internal staff - direct reports (where applicable)
  • IT vendors, contractors (where applicable)

Knowledge Skills and Abilities:

  • Must possess and demonstrate ISO 27001 Lead Implementer/Auditor and ISO 27701 Lead Implementer/Auditor certifications and knowledge.
  • In-depth understanding of IT Act, DPDPA, CERT-In regulations, CIS Controls as well as UK DPA and ISO 31000
  • Good to have certification on CISM (Certified Information Security Manager), CISSP (Certified Information Systems Security Professional) and Cloud Security certifications (e.g., CCSK, CCSP, vendor-specific like AWS Security Specialty)
  • Familiarity with common vulnerability scanning tools like Qualys (features, reporting, agent-based vs. network scans) and Cloud Security Posture Management (CSPM) tools like Wiz (cloud service provider configurations, misconfigurations, compliance checks in AWS, Azure, GCP).
  • Understanding of various penetration testing types (e.g., network, web application, API, mobile, cloud) and methodologies
  • Knowledge of common attack vectors and exploitation techniques like MITRE ATT&CK and D3FEND framework.
  • Basic to intermediate knowledge of common security controls and technologies (e.g., firewalls, EDR, Cloud Security, VAPT tools, SIEM, WAF, DLP, encryption).
  • Understanding of network protocols, operating systems (Windows, Linux), and common application architectures.
  • Knowledge of audit principles and practices (internal and external audits).
  • Understanding of corrective action planning and non-conformity management.
  • Understanding of third-party risk management principles and vendor due diligence processes.
  • Excellent technical writing skills for creating clear, concise, and comprehensive security policies, standards, and procedures.
  • Ability to analyse complex risk data and present actionable insights.
  • Hands-on experience with Qualys for configuring scans, analysing reports, and managing vulnerabilities.
  • Hands-on experience with Wiz CSPM for monitoring cloud environments, identifying misconfigurations, and generating compliance reports.
  • Proficiency with GRC platforms or tools for managing policies, risks, and controls
  • Exceptional verbal and written communication skills to articulate complex security concepts to technical and non-technical stakeholders
  • Ability to build strong relationships and collaborate effectively with diverse teams (IT, Legal, HR, Development, Business Units).
  • Skills in influencing behaviour and driving change across the organization to improve security posture.
  • Strong analytical skills to diagnose security issues, identify root causes, and develop effective solutions.
  • Ability to critically evaluate security controls and identify gaps.
  • Contract review and negotiation skills specifically for security-related services.
  • Ability to effectively manage vendor relationships and performance.
  • Ability to develop and deliver engaging security training sessions and awareness campaigns.
  • Ability to stay updated with the latest security threats, vulnerabilities, technologies, and regulatory changes.
  • Capacity to quickly learn and adapt to new tools and methodologies.
  • Meticulous attention to detail in policy creation, audit documentation, and vulnerability analysis.
  • Ability to act calmly and effectively during security incidents and contribute to incident response efforts.

mail updated resume with salary details-

Key Skill:

information security manager, IT security, ISO 27001 LA, ISO 27001 LI, ISO 27001 LI/LA, ISO 27701, ISO 31000, internal auditor, DPDPA, CISM, compliance ISO 27001:2022

OnActive
Posted by Mansi Gupta
Delhi, Gurugram, Noida, Ghaziabad, Faridabad
6 - 10 yrs
₹2L - ₹4L / yr
Broking
Routing & Switching
Information security management system
Hardware troubleshooting
Firewall
+2 more

Responsibilities:

 • Managing all Network equipment and ensuring uptime

 • Attend the Incident Management calls.

 • Create diagrams as per the requirements with respect to process and locations.

 • Making configuration changes to devices, if any

 • To keep updating the documents.

 • Monitoring the network to determine capacity usage and escalate/recommend necessary steps with seniors.

 • Resolution of network faults within the time

 • Identifying LAN/WAN faults and resolving them through vendors providing maintenance services

 • Updating documentation of the LAN, like IP address register, PC IDs, Router configurations, hardware, network diagrams as and when changes happen.

 • Providing second level support for any network problems and troubleshooting the same in coordination with the vendor.

 • Creation of external and internal networks

 • Planning, implementation, and configuration of monitoring and maintenance network hardware and telecommunications links, including routers, switches, IDS, load-balancing, etc for expansions of network

 • Implementation and maintenance of network architecture components for managed services, including OS installation hardening management, implementation and maintenance of network monitoring tool sets

 • Establish and maintain a redundant network operations environment, including substantial software and hardware fail-over, monitoring and testing the configuration performance

 • Manage proper testing of the network environment, including simulations, stress testing, and benchmarks for both preventive maintenance and reporting purposes

 • Implementation and maintenance with consistent improvement of network security measures

 • Installation of router switches and LAN /WAN equipment

Octro Inc

Posted by Akansha Gupta
Noida
6 - 10 yrs
₹10L - ₹25L / yr
ISO 9000
IT security
Information security
Information security management system
Data security
+1 more

Roles and responsibilities:

- Audit the current Information Security system and procedures and do a Gap analysis

- Identify immediate potential Information Security Risks and manage remediation tasks through to closure

- Create an Information Security Compliance Roadmap and execute end-to-end compliance initiatives by that roadmap

- Design high-quality test plans and direct Data/Information security control test activities

- Continuously improve Octro Data/Information security control framework

- Maintain handbook pages and procedures related to Information security compliance

- Identify opportunities for Information security compliance control automation, execute them and then maintain

- Provide actionable and constructive advisement to cross-functional teams, including driving remediation activities for high and select moderate-risk Observations across all Octro departments

- Design, develop, and deploy scripts to automate continuous control monitoring, administrative tasks and metric reporting for all security compliance programs

- Direct and support external audits as and when necessary


Requirements


- A minimum of 6-8 years' experience working with Data/Information Security Compliance programs

- Detailed knowledge of common information security management frameworks, regulatory requirements and applicable standards such as: ISO, SOC 2, GDPR, PCI etc.


About Octro Inc :


We are one of the fastest-growing mobile gaming companies around, a technology-driven organization at heart, and take pride in the platforms we create.

Octro was founded in 2006 with a mission to create productivity applications for mobile devices. After pioneering one of the first mobile Voice-over-IP infrastructures called OctroTalk, the company ventured into building mobile gaming platforms. Sequoia Capital has invested in Octro. The funding was announced in June 2014.
